Download copy of Perspectives on Cyber Risk 2017

Join the CHQA Members' Centre

In the CHQA Members' Centre, members can access CHQAnalysis (our in-depth analysis of current issues), News (weekly summaries of governance news), Board Shorts (succinct answers to directors' governance questions), a search facility extending over various governance categories, and information about our seminars and other events.

Apply for CHQA Membership here.

The CHQA Members' Centre is password protected and accessible only to members. There is no joining fee for eligible applicants.

Perspectives on Cyber Risk
play video
(Click to edit)

AUSTRAC seeks civil penalty orders against Commonwealth Bank of Australia

AUSTRAC seeks civil penalty orders against Commonwealth Bank of Australia

August 7, 2017 12:35 PM | Print this page

Australia’s financial intelligence and regulatory agency, AUSTRAC have issued a media release stating that it has initiated civil penalty proceedings against the Commonwealth Bank of Australia (CBA) for 'serious and systemic non-compliance with the with the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (AML/CTF Act).

AUSTRAC’s action alleges over 53,700 contraventions of the AML/CTF Act.

In summary AUSTRAC alleges that:

  • The CBA did not comply with its own AML/CTF program, because it did not carry out any assessment of the money laundering and terrorism financing (ML/TF) risk of Intelligent Deposit Machines (IDMs) before their rollout in 2012. CBA took no steps to assess the ML/TF risk until mid-2015 (three years after they were introduced).
  • For a period of three years, CBA did not comply with the requirements of its AML/CTF program relating to monitoring transactions on 778,370 accounts.
  • The CBA failed to give 53,506 threshold transaction reports (TTRs) to AUSTRAC on time for cash transactions of $10,000 or more through IDMs from November 2012 to September 2015. These late TTRs represent approximately 95% of the threshold transactions that occurred through the bank’s IDMs from November 2012 to September 2015 and had a total value of around $624.7m.
  • AUSTRAC alleges that the bank failed to report suspicious matters either on time or at all involving transactions totalling over $77m.
  • Even after CBA became aware of suspected money laundering or structuring on CBA accounts, it did not monitor its customers to mitigate and manage ML/TF risk, including the ongoing ML/TF risks of doing business with those customers.

The AUSTRAC media release states that acting CEO, Peter Clark has said that the action should send a clear message to all reporting entities about the importance of meeting their AML/CTF obligations.

Commonwealth Bank response
The CBA issued a statement in response 'acknowledging' that civil proceedings have been brought by AUSTRAC and saying that the bank has 'been in discussions with AUSTRAC for an extended period and have cooperated fully with their requests. Over the same period we [the CBA] have worked to continuously improve our compliance and have kept AUSTRAC abreast of those efforts, which will continue.' The statement also affirms the investment and commitment the bank has made in compliance: 'We [the CBA] take our regulatory obligations extremely seriously and we are one of the largest reporters to AUSTRAC. On an annual basis we report over four million transactions to AUSTRAC in an effort to identify and combat any suspicious activity as quickly and efficiently as we can. We have invested more than $230 million in our anti-money laundering compliance and reporting processes and systems, and all of our people are required to complete mandatory training on the Anti-Money Laundering and Counter-Terrorism Financing Act.'

The statement concludes that the bank is 'reviewing the nature of the proceedings and will have more to say on the specific claims in due course'. A tweet from the CBA newsroom published after the written statement says: 'We're reviewing AUSTRAC's claim closely and will file a statement of defence'.
According to Banking Day, an AUSTRAC spokeswoman declined to suggest the magnitude of any penalty. However, Banking Day comments that to date, the largest successful AML action was against Tabcorp who paid $45m in fines for 108 alleged breaches – this action alleges 53,700 breaches.
The allegations have received wide media coverage, most commentators expressing shock at the scale of the allegations, The Australian also suggesting that the CBA may risk a $1bn fine. The AFR adds that 'It shows that even institutions that spend $1 billion a year on technology can miss fundamental flaws in the software that underpins critical financial infrastructure'.

[Sources: The AFR 04/08/2017; 04/08/2017; 04/04/2017; The Australian 04/08/2017; [registration required] The WSJ 03/08/2017; The Australian 04/08/2017; Banking Day 04/08/2017; AUSTRAC media release: AUSTRAC seeks civil penalty orders against CBA 03/08/2017; Concise Statement lodged with Federal Court by Austrac NSD1305/2017 03/08/2017; CBA Media Release: Commonwealth Bank response to AUSTRAC civil proceedings 03/08/2017; CBA Newsroom@CBAnewsroom 12:09pm 03/08/2017]

This post appears under the following topics;